Florian Weimer discovered that delegate code in ImageMagick isvulnerable to shell command injection using specially crafted filenames. This allows attackers to encode commands inside of graphiccommands. With some user interaction, this is exploitable throughGnus and Thunderbird. This update filters out the '$' character aswell, which was forgotton in the former update.

For the old stable distribution (woody) this problem has been fixed inversion 5.4.4.5-1woody8.

For the stable distribution (sarge) this problem has been fixed inversion 6.0.6.2-2.6.

For the unstable distribution (sid) this problem has been fixed inversion 6.2.4.5-0.6.

We recommend that you upgrade your imagemagick packages.

Upgrade Instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: